diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/tls_keypair.c | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c new file mode 100644 index 0000000000..eef92b3b24 --- /dev/null +++ b/src/lib/libtls/tls_keypair.c | |||
| @@ -0,0 +1,146 @@ | |||
| 1 | /* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #include <openssl/bio.h> | ||
| 19 | #include <openssl/err.h> | ||
| 20 | #include <openssl/pem.h> | ||
| 21 | |||
| 22 | #include <tls.h> | ||
| 23 | |||
| 24 | #include "tls_internal.h" | ||
| 25 | |||
| 26 | struct tls_keypair * | ||
| 27 | tls_keypair_new(void) | ||
| 28 | { | ||
| 29 | return calloc(1, sizeof(struct tls_keypair)); | ||
| 30 | } | ||
| 31 | |||
| 32 | void | ||
| 33 | tls_keypair_clear_key(struct tls_keypair *keypair) | ||
| 34 | { | ||
| 35 | freezero(keypair->key_mem, keypair->key_len); | ||
| 36 | keypair->key_mem = NULL; | ||
| 37 | keypair->key_len = 0; | ||
| 38 | } | ||
| 39 | |||
| 40 | int | ||
| 41 | tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error, | ||
| 42 | const char *cert_file) | ||
| 43 | { | ||
| 44 | return tls_config_load_file(error, "certificate", cert_file, | ||
| 45 | &keypair->cert_mem, &keypair->cert_len); | ||
| 46 | } | ||
| 47 | |||
| 48 | int | ||
| 49 | tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert, | ||
| 50 | size_t len) | ||
| 51 | { | ||
| 52 | return tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len); | ||
| 53 | } | ||
| 54 | |||
| 55 | int | ||
| 56 | tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error, | ||
| 57 | const char *key_file) | ||
| 58 | { | ||
| 59 | tls_keypair_clear_key(keypair); | ||
| 60 | return tls_config_load_file(error, "key", key_file, | ||
| 61 | &keypair->key_mem, &keypair->key_len); | ||
| 62 | } | ||
| 63 | |||
| 64 | int | ||
| 65 | tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key, | ||
| 66 | size_t len) | ||
| 67 | { | ||
| 68 | tls_keypair_clear_key(keypair); | ||
| 69 | return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len); | ||
| 70 | } | ||
| 71 | |||
| 72 | int | ||
| 73 | tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair, | ||
| 74 | struct tls_error *error, const char *ocsp_file) | ||
| 75 | { | ||
| 76 | return tls_config_load_file(error, "ocsp", ocsp_file, | ||
| 77 | &keypair->ocsp_staple, &keypair->ocsp_staple_len); | ||
| 78 | } | ||
| 79 | |||
| 80 | int | ||
| 81 | tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair, | ||
| 82 | const uint8_t *staple, size_t len) | ||
| 83 | { | ||
| 84 | return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len, | ||
| 85 | staple, len); | ||
| 86 | } | ||
| 87 | |||
| 88 | void | ||
| 89 | tls_keypair_clear(struct tls_keypair *keypair) | ||
| 90 | { | ||
| 91 | tls_keypair_set_cert_mem(keypair, NULL, 0); | ||
| 92 | tls_keypair_set_key_mem(keypair, NULL, 0); | ||
| 93 | } | ||
| 94 | |||
| 95 | void | ||
| 96 | tls_keypair_free(struct tls_keypair *keypair) | ||
| 97 | { | ||
| 98 | if (keypair == NULL) | ||
| 99 | return; | ||
| 100 | |||
| 101 | tls_keypair_clear(keypair); | ||
| 102 | |||
| 103 | free(keypair->cert_mem); | ||
| 104 | free(keypair->key_mem); | ||
| 105 | free(keypair->ocsp_staple); | ||
| 106 | free(keypair->pubkey_hash); | ||
| 107 | |||
| 108 | free(keypair); | ||
| 109 | } | ||
| 110 | |||
| 111 | int | ||
| 112 | tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error, | ||
| 113 | X509 **cert) | ||
| 114 | { | ||
| 115 | char *errstr = "unknown"; | ||
| 116 | BIO *cert_bio = NULL; | ||
| 117 | int ssl_err; | ||
| 118 | int rv = -1; | ||
| 119 | |||
| 120 | X509_free(*cert); | ||
| 121 | *cert = NULL; | ||
| 122 | |||
| 123 | if (keypair->cert_mem == NULL) { | ||
| 124 | tls_error_set(error, "keypair has no certificate"); | ||
| 125 | goto err; | ||
| 126 | } | ||
| 127 | if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem, | ||
| 128 | keypair->cert_len)) == NULL) { | ||
| 129 | tls_error_set(error, "failed to create certificate bio"); | ||
| 130 | goto err; | ||
| 131 | } | ||
| 132 | if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb, | ||
| 133 | NULL)) == NULL) { | ||
| 134 | if ((ssl_err = ERR_peek_error()) != 0) | ||
| 135 | errstr = ERR_error_string(ssl_err, NULL); | ||
| 136 | tls_error_set(error, "failed to load certificate: %s", errstr); | ||
| 137 | goto err; | ||
| 138 | } | ||
| 139 | |||
| 140 | rv = 0; | ||
| 141 | |||
| 142 | err: | ||
| 143 | BIO_free(cert_bio); | ||
| 144 | |||
| 145 | return (rv); | ||
| 146 | } | ||